1
我在我的網站中設置了搜索按鈕。如果有結果,它工作正常,但如果沒有,它不顯示「沒有結果.....」。在沒有結果的情況下,在PHP中搜索時不顯示消息
我的代碼有什麼問題?
<html !DOCTYPE HTML>
<body>
<?php
$title = "DenTEETH";
include('header.html');
//connect to database
$db = mysqli_connect("127.0.0.1", "root", "", "authentication");
if(isset($_GET['q']) && $_GET['q'] !== '')
{
$searchq = $_GET['q'];
$sql = "SELECT * FROM search WHERE keyword LIKE '%$searchq%' OR title LIKE '%$searchq%'";
$output='';
$results = mysqli_query($db, $sql);
if (count($results) == 0){
$output .= 'No search results for <b>"' . $searchq . '"</b>';
}
else{
while ($row = mysqli_fetch_array($results)){
$id = $row['search_id'];
$title = $row['title'];
$desc = $row['description'];
$link = $row['link'];
$img = '<img src="images/thumbnail/'.$row['search_id'].'.jpg" class="thumbnail">';
$output .= '<div class="search_thumb">
<p class="search_cap"><a href="' . $link . '">' . $img . '<h3>' . $title . '</h3></a>' . $desc .
'<div class="clear"></div></p></div>';
}
}
}
else{
header("location: ./");
}
print($output);
?>
<div class="row">
</div>
<?php
include('footer.html');
?>
</body>
</html>
你的腳本是[SQL注入攻擊(風險http://stackoverflow.com/questions/60174/how-can-i-prevent -sql -injection-in-php)看看[Little Bobby Tables]發生了什麼(http://bobby-tables.com/)即使[如果你正在逃避輸入,它不安全!](http:/ /stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string)使用[prepared parameterized statements](http://php.net/manual/en/mysqli.quickstart。製備-statements.php)。 –
這裏不能使用count()。你必須使用mysqli_num_rows() –